Search

Subscribe

Defeating Caller ID Blocking

TrapCall instructs new customers to reprogram their cellphones to send all rejected, missed and unanswered calls to TrapCall's own toll-free number. If the user sees an incoming call with Caller ID blocked, he just presses the button on the phone that would normally send it to voicemail. The call invisibly loops through TelTech's system, then back to the user's phone, this time with the caller's number displayed as the Caller ID.

There's more:

In addition to the free service, branded Fly Trap, a $10-per-month upgrade called Mouse Trap provides human-created transcripts of voicemail messages, and in some cases uses text messaging to send you the name of the caller — information not normally available to wireless customers. Mouse Trap will also send you text messages with the numbers of people who call while your phone was powered off, even if they don't leave a message.

With the $25-a-month Bear Trap upgrade, you can also automatically record your incoming calls, and get text messages with the billing name and street address of some of your callers, which TelTech says is derived from commercial databases.

Obviously, they want you to pay for their service. However, will they make enough to pay for the system and the free services? What is the game plan for profit? The sign up page says "Trapcall will not sell, or distribute information about you, or the callers that may have called you", but the Terms of Service don't. In fact, the TOS says "TrapCall.com assumes no responsibility for the accuracy of any particular statement and accepts no liability for any loss or damage which may arise from reliance on the information contained on this site", which leads me to believe the disclaimer about selling your caller information may not be true.

The value to Trapcall is a list of valid phone numbers with linked email addresses that they can sell to spammers or anyone that wants to buy it.

@derf:
Trapcall is a freemium service. Phone time is extremely cheap when bought in bulk, and they offer premium services on Trapcall in addition to TelTech's other products, including SpoofCard (which they are all too happy to mention fools Trapcall in the latter's FAQ). These effectively subsidize the free service. SpoofCard at least is well-known and I've never heard any privacy complaints about that service.

And I invite you to check the privacy policy (which is as legally binding as terms of service) before making unfounded accusations: http://www.trapcall.com/privacy

Random nugger of information: ISTR that ISDN (at least the 30-channel version) always sent the calling number over the D-channel as part of the call setup, but with a bit to tell the phone whether it was allowed to show the calling number to the end-user.

Both BRI & PRI ISDNs send CID as part of call establishment phase. However certainly on BT lines (in UK), the only ones I've any experience with, if you specify a CID not associated with your line it gets rewritten to the lines 'primary' number.

I've always disliked the notion of CLID suppression: if you want to call me, you have no legitimate reason for attempting to conceal your identity. I subscribed to Anonymous Call Rejection for a while, despite the extra charge (which irritates me: why should withholding your number be free, yet rejecting anonymous calls is not?) but BT's handling is quite poor: a recorded 'error' message, rather than either going to voicemail, getting instructions to redial with the prefix 1470 instead (to release CLID) or ideally, a simple voice prompt: "This line does not accept anonymous calls - press 1 to be connected without withholding your number, or hang up." Of course, I'd also want this option to be the default for all lines, so the few exceptions which might actually want to accept anonymous calls can opt to do so, rather than making the rest of us pay to opt out. Less profitable for BT that way, though...

These days, I just ignore anonymous calls and let them go to voicemail. Simpler, but not perfect.

While I sympathise with James Sutherland's wish to know who is calling, his comment "if you want to call me, you have no legitimate reason for attempting to conceal your identity" is perhaps too strong.

I have used branch exchanges that sent a single number for all outgoing calls. In effect there were several thousand phones all with the same outgoing number but distinct incoming numbers.

This meant that if somebody called but did not leave a message it was not possible to return the call. Worse, if you were unaware of this and tried to return the call the person who answered could only tell you that they don't know who called - they couldn't even identify the building from which the original call had come. This annoyed both parties.

To avoid this problem the telecom department had a policy that caller ID was disabled on all phones.

Something similar occurs with many VoIP to phone gateways - caller ID shows the number of the gateway, not the number of the calling phone. It is sometimes more helpful to suppress caller ID, especially if the person being called expects to be able to use the number to return a call.

I imagine that some Trapcall customers who try to return a call will find themselves calling the wrong number.

Ooh -- Bruce! The People demand an update about the SHA-3 candidate conference! Or, assuming you're not there, what you've heard about it from colleagues.

It appears much of it will be yawner presentations of candidates that are either too slow or too weak to make it, but there could be either fun cryptography or some clarity on how they'll whittle down the candidate list.

When I worked somewhere in Australia playing with VoIP with a POTS on-ramp, we similarly discovered that we could specify any number we wished as a calling number, and it would go through. We brought it up to our telephony provider, and they couldn't see the issue with being able to spoof our number.

There were of course discussions about calling campaigns involving dialling random numbers from the phone book and hanging up after one or two rings while spoofing various figures. Most effective if the call is after midnight!

@netcrusher88,

Interesting idea when your products include "irresistible force" and "unmovable object"... which of the products do you favour?

@Mrten: Right on wrong. On a call where the number is suppressed it is transmitted throughout the phone network. But the last CO will remove the number when signalling the call to the end customer, so no, the number is not transmitted to the phone and no, the phone can't ignore the number suppression.

And this is an example where a number was provided by the calling end user which differs from the "real" number of his line (this is usually not available with standard lines but as a feature e.g. for call centers):

This service is exploiting a bug in the way caller-ID blocking is implemented. The key is that if you call a toll-free (800/888/etc) number, your info is reported even if caller ID is enabled. So the trick they use is to forward calls to a toll-free number, then back again to the original destination. The problem is that the caller does not know this is happening and has no way to block it.

@Phillip: surprisingly, that doesn't always work anymore. I'm currently using a Sprint prepaid card, and callers do get my number displayed, so they're passing it through. I've never known that to be true with other prepaid cards.

@ neill
That does not work: I used to have an ISDN connection with 4 sequential numbers.
Only the first, main number was used and given to other people, but all 4 were connected on a local PBX. Very often we would receive a sales call on the first number, then the second light would light up, etc... This shows they just call all numbers sequentially...

Callwave, which provides better voicemail for free does the same thing.

It was never advertised or even noted by the company, but users quickly realized that they were suddenly seeing CID numbers from previously blocked lines (often our own). I suspect that it was initially a bug that they decided was nice.

BTW, I strongly recommend Callwave's service even though I am no longer a customer (moved to iPhone).

You've been able for decades to buy an off-the-shelf phone system that can record all incoming calls; you could probably do it with Asterisk for almost no money, though you'd spend more time setting it up. If you get a personal 800 number, caller ID and any blocking thereof is pretty much irrelevant, and it's probably cheaper per month than a lot of people's cellular plans. Or you can just get anonymous call blocking, and calls that are blocking caller ID won't cause your phone to ring in the first place, which is even better as far as I'm concerned. Transcript services have been around for a good while too, though I don't know if they've ever been quite that cheap.

The value here, from a commercial perspective, is that they're bringing all these things together and making them convenient and marketing them as a package with easily understood bullet points. I'm not sure that really has a whole lot of major security implications, because like I said it could all be done before anyway.